BOF RegSave

Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File


About

Beacon Object File (BOF) for Cobalt Strike that acquires the necessary privileges and dumps the SAM, SYSTEM and SECURITY registry hives for offline parsing and hash extraction.

Instructions

The CNA script registers the bof-regsave command:

beacon> bof-regsave c:\temp\

By default the output will be saved in the following files:

samantha.txt - SAM
systemic.txt - SYSTEM
security.txt - SECURITY

The output file names can be changed by editing entry.c.
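The instructions above give a defender two concrete artefacts to look for: the default output names (samantha.txt, systemic.txt, security.txt) and the fact that the SAM, SYSTEM and SECURITY hives have to be read by whatever process hosts the Beacon. The following is an added detection example, not code from the BOF-RegSave project. It runs over a constructed, simplified key=value rendering of Sysmon FileCreate (EventID 11) and Windows object-access (EventID 4663) records, flags file creations that use the default names, flags hive access from any process outside an assumed allowlist (EXPECTED_HIVE_READERS is an assumption to tune per environment), and raises a stronger finding when one process writes all three default files into the same directory. Because the README says the names live in entry.c and can be changed, the name-based rule is the weak one; the hive-access rule does not depend on names.

```python
"""Flag on-disk and registry artefacts of a SAM/SECURITY/SYSTEM hive dump.

Added example, not part of the BOF-RegSave project. The log format is a
constructed 'Key=Value' flattening of Sysmon/Windows events, not real telemetry.
"""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass

# Default output names from the README (entry.c can change them, so this
# rule alone is weak; the hive-access rule below does not depend on names).
DEFAULT_OUTPUT_NAMES = {
    "samantha.txt": "SAM",
    "systemic.txt": "SYSTEM",
    "security.txt": "SECURITY",
}

# Registry hives whose contents yield credential material when parsed offline.
HIVE_PATH_RE = re.compile(r"\\REGISTRY\\MACHINE\\(SAM|SECURITY|SYSTEM)(\\|$)", re.IGNORECASE)

# Processes expected to touch these hives in normal operation.
# Assumption for this example: tune the allowlist to your environment.
EXPECTED_HIVE_READERS = {"lsass.exe", "services.exe", "svchost.exe"}


@dataclass(frozen=True)
class Finding:
    line_no: int      # 1-based log line, 0 for correlated findings
    rule: str
    process: str
    detail: str


def parse_kv(line: str) -> dict:
    """Parse 'Key=Value Key2=Value2'; a value runs until the next ' Key='."""
    return {k: v for k, v in re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", line)}


def analyse(lines):
    findings = []
    # (process, directory) -> default output names written there
    dumps_per_process = defaultdict(set)

    for no, line in enumerate(lines, 1):
        ev = parse_kv(line)
        proc = ntpath.basename(ev.get("Image") or ev.get("ProcessName") or "").lower()

        if ev.get("EventID") == "11":  # Sysmon FileCreate
            target = ev.get("TargetFilename", "")
            name = ntpath.basename(target).lower()
            if name in DEFAULT_OUTPUT_NAMES:
                findings.append(Finding(no, "default-output-name", proc,
                                        f"{target} ({DEFAULT_OUTPUT_NAMES[name]})"))
                dumps_per_process[(proc, ntpath.dirname(target).lower())].add(name)

        elif ev.get("EventID") == "4663":  # Windows object access
            m = HIVE_PATH_RE.search(ev.get("ObjectName", ""))
            if m and proc not in EXPECTED_HIVE_READERS:
                findings.append(Finding(no, "hive-access-unexpected-process", proc,
                                        m.group(1).upper()))

    # Correlation: one process wrote all three default files into one directory.
    for (proc, directory), names in dumps_per_process.items():
        if names == set(DEFAULT_OUTPUT_NAMES):
            findings.append(Finding(0, "all-three-hives-dumped", proc, directory))
    return findings


# Constructed sample log: a benign svchost write, a benign lsass hive read,
# then a user-land process reading SAM and writing the three default files.
SAMPLE_LOG = [
    "EventID=11 Image=C:\\Windows\\System32\\svchost.exe TargetFilename=C:\\Windows\\Temp\\update.log",
    "EventID=4663 ProcessName=C:\\Windows\\System32\\lsass.exe ObjectName=\\REGISTRY\\MACHINE\\SAM",
    "EventID=4663 ProcessName=C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe ObjectName=\\REGISTRY\\MACHINE\\SAM",
    "EventID=11 Image=C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe TargetFilename=C:\\temp\\samantha.txt",
    "EventID=11 Image=C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe TargetFilename=C:\\temp\\systemic.txt",
    "EventID=11 Image=C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe TargetFilename=C:\\temp\\security.txt",
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"line {f.line_no or '-'}: {f.rule} process={f.process} {f.detail}")
```

On the sample above the allowlisted lsass.exe read is ignored, the update.exe read of SAM is flagged once, each of the three default file names is flagged, and the correlation rule adds one more finding for the complete dump in C:\temp. The two independent rules matter because an operator who edits entry.c defeats only the name-based one.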

Credits

Template & Makefile based on repo from @realoriginal

Reading material for BOF

CS Beacon Object Files

Aggressor-Script functions

Beacon Object Files - Luser Demo

A Developer's Introduction To Beacon Object Files

Github repos

https://github.com/rsmudge/ZeroLogon-BOF
https://github.com/rsmudge/CVE-2020-0796-BOF
https://github.com/trustedsec/CS-Situational-Awareness-BOF
https://github.com/tomcarver16/BOF-DLL-Inject
https://github.com/m57/cobaltstrike_bofs/
https://github.com/rvrsh3ll/BOF_Collection/
https://github.com/realoriginal/bof-NetworkServiceEscalate

Author

@leftp

Open Source Agenda is not affiliated with "BOF RegSave" Project. README Source: EncodeGroup/BOF-RegSave